AMENDMENTS TO THE CLAIMS

This listing of claims will replace all prior versions and listings of claims in the
application:

LISTING OF CLAIMS: 

1. (Original) A storage system comprising:

a first storage area having an object stored therein; and 

a second storage area having stored therein an object identifier that identifies the object,
wherein the object identifier is unique within and outside of the storage system.

2. (Original) The storage system of claim 1, wherein the object identifier is a Universal
Unique Identifier (UUID).

3. (Currently Amended) The storage system of claim 1, wherein the first and second
storage areas are storage areas within a database.

4. (Original) The storage system of claim 3, wherein the object identifier is a Universal
Unique Identifier (UUID).

5. (Original) The storage system of claim 2, wherein the storage system is part of an
access control system.

6. (Original) A memory comprising:

a first storage area having an object stored therein; and 

a second storage area having stored therein an object identifier that identifies the object,
wherein the object identifier is unique within and outside of the storage system.

7. (Original) The memory of claim 6, wherein the object identifier is a Universal Unique
Identifier (UUID).

8. (Original) The memory of claim 6, wherein the first and second storage areas are
storage areas within a database structure.

9. (Original) The storage system of claim 8, wherein the object identifier is a Universal
Unique Identifier (UUID).

10. (Original) A method of storing information in a storage system, comprising:
storing an object in the storage system; and

storing an object identifier in the storage system, wherein the object identifier identifies
the object, and the object identifier is unique within and outside of the storage system.

11. (Original) The method of claim 10, wherein the object identifier is a Universal
Unique Identifier (UUID).

12. (Original) The method of claim 10, wherein the object is stored in a database.

13. (Original) The method of claim 10, wherein the object identifier is stored in a
database.

14. (Original) The method of claim 12, wherein the object identifier is a Universal
Unique Identifier (UUID).

15. (Original) The method of claim 13, wherein the object identifier is a Universal
Unique Identifier (UUID).

16. (Original) The method of claim 10, wherein the storage system is part of an access
control system.

17. (Original) An access control method comprising: 

requesting access for a user to a remote resource, wherein the request includes a subject 
identifier for use in making an access control decision, and wherein the subject identifier is
unique within and outside of the remote resource and identifies the user.

18. (Original) The access control method of claim 17, wherein the subject identifier is a
Universal Unique Identifier (UUID).

19. (Original) The access control method of claim 18, wherein the request further
includes a subject descriptor for use in the access control decision.

20. (Original) The access control method of claim 19, wherein the subject descriptor is a
UUID for an organizational structure that includes the user.

21. (Original) The access control method of claim 19, wherein the access control decision
is made by a resource manager that protects the remote resource, and the request is sent over a
communications path considered safe by the protecting resource manager and the user.

22. (Original) A computer-readable medium having computer-executable code stored
thereon, comprising:

computer instructions for requesting access for a user to a remote resource, wherein the
request includes a subject identifier for use in making an access control decision, and wherein the
subject identifier is unique within and outside of the remote resource and identifies the user.

23. (Currently Amended) The access control method of claim 22, wherein the subject
identifier is a Universal Unique Identifier (UUID).

24. (Original) A method of identifying a user requesting access to an object, comprising:

establishing a secure communication path between a reference monitor protecting the
object and a resource manager having information describing the user, in response to a request
by the user to access the object;

sending a request for user information from the protecting reference monitor to the
resource manager, the request including a subject descriptor for the user, wherein the subject
identifier is a Universal Unique Identifier (UUID);

receiving, in response to the request, the user information located based on the subject
identifier.

25. (Original) The method of claim 24, further comprising: 

determining, based on the received user information, if the user has permission to access 
the requested object. 

26. (Original) The method of claim 24, wherein the user information includes information 
relating to an organization of which the user is a member.

27. (Original) An information storage management system, comprising: 
a collection of stored objects; 

an access control unit for determining if a requestor is authorized to access a protected
object stored in the collection;

a resource manager connected to the access control unit and to a communications
channel;

wherein the resource manager receives a user's request for access to the protected object,
the request including a globally unique identifier for the user requesting the access, and in
response to the user's request the resource manager sends over the communications channel to an
external storage management system a request for information about the user, the request
including the globally unique identifier; and

wherein the resource manager upon receiving a response including user information
about the user passes the user information to the access control unit; and based on the user
information the access control unit determines whether to grant the subject access to the
protected object.

28. (Original) The information storage management system of claim 27, wherein the 
globally unique identifier is a Universal Unique Identifier (UUID). 



29. (Original) The information storage management system of claim 27, wherein the user
information is organization information indicating whether the user is a member of an
organization.

30. (Currently Amended) An information storage management system, comprising:
a collection of stored objects; 

an access control unit for determining if a requestor is authorized to access a protected 
object stored in the collection; 
a resource manager connected to the access control unit and to a communications
channel;

wherein the resource manager receives a user's request for access to the protected object,
the request including a globally unique identifier for the user requesting the access, and in
response to the user's request the resource manager resolves the globally unique identifier to a
user identifier recognized by an external storage management system; the resource manager
sending to the external storage management system a request for information about the user, the
request including the resolved user identifier; and

wherein the resource manager upon receiving a response including user information
about the user passes the user information to the access control unit; and based on the user
information the access control unit determines whether to grant the subject access to the
protected object.

31. (Original) The information storage management system of claim 30, wherein the
globally unique identifier is a Universal Unique Identifier (UUID).

32. (Original) The information storage management system of claim 30, wherein the user
information is organization information indicating whether the user is a member of an
organization.

33. (Original) The information storage management system of claim 30, wherein the
resource manager resolves the globally unique identifier by using a name server.

34. (Currently Amended) A method of accessing a protected object, comprising:
sending a globally unique identifier for a user to a name resolving device, and receiving
there from information about the user; and

sending to a storage management system containing an object a request for access to the 
object, the request including the information about the user. 

35. (Original) The method of claim 34, wherein the globally unique identifier is a 
Universal Unique Identifier (UUID). 

36. (Currently Amended) A computer-readable medium of computer-executable code for 
accessing a protected object, comprising: 

a first set of computer instructions for sending a globally unique identifier for a user to a 
name resolving device, and receiving there from information about the user; and

a second set of computer instructions for sending to a storage management system
containing an object a request for access to the object, the request including the information
about the user.



37. (Original) The computer-readable medium of computer-executable code of claim 36, 
wherein the globally unique identifier is a Universal Unique Identifier (UUID).